I am trying to redirect all traffic to https and all subdomains to main domain and can't get it right. I am using Ubuntu 14.04 with latest apache2.
I set up virtualhost for port 80 to redirect all traffic to https:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
and setup ssl virtualhost to redirect all subdomains to main domain:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/example.com/public_html/
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/example.com-0001/chain.pem
Redirect permanent / https://example.com
</VirtualHost>
</IfModule>
Result is as follows:
WORKING http://example.com to https://example.com
WORKING http://anything.example.com to https://example.com
NOT WORKING https://anything.example.com to https://example.com
Question is: how I redirect ssl subdomain to main domain?
Please tell me what am I doing wrong.
Thanks a lot.
Best Answer
Given that it appears that Let's Encrypt will only begin issuing wildcard certificates in January 2018, and your server setup is earlier, it appears that you are not using a wildcard SSL certificate.
In order to connect with
https
, even to redirect or process your "alias," you have to have a valid SSL certificate for whatever domain the client sends.The SSL handshake takes place before anything in the Apache server is processed. In other words, if you are not using a wildcard SSL certificate, the SSL handshake will fail for
https://anything.example.com
before the Apache configuration file ever has a chance to process the alias.Whatever else may be an issue, this must be corrected before any further diagnosis, if required, can be had. For example, if the desired behavior is that the
https://anything.example.com
be "redirected" tohttp://example.com
you will probably have to use amod_rewrite
condition match as theRedirectMatch
directive is only matched against the URL-path, and the use ofServerAlias
will create the necessary match for handling the initial query, but will not attempt to "rewrite" or "redirect" the query to another desired URL.